Spoofing Vulnerability in .NET and Visual Studio by Microsoft
CVE-2025-26646
8HIGH
Key Information:
- Vendor
Microsoft
- Status
- Vendor
- CVE Published:
- 13 May 2025
What is CVE-2025-26646?
An external control of file name or path in the .NET Framework, Visual Studio, and Build Tools for Visual Studio enables an authorized attacker to manipulate file paths, leading to potential spoofing attacks over a network. This vulnerability can allow an attacker to execute unauthorized commands or access sensitive information, jeopardizing the integrity and security of applications developed using these platforms.
Affected Version(s)
.NET 8.0 Unknown 8.0.0 < 8.0.16
.NET 9.0 Unknown 9.0.0 < 9.0.5
Build Tools for Visual Studio 2022 Unknown 17.0